<?php
include "DBConnect.php";

/*
$usuario	= str_replace("'", "", $_REQUEST['usuario']);
$password	= $_REQUEST['password'];
*/

if(isset($_REQUEST['login']) || !empty($_REQUEST['login']) && isset($_REQUEST['password']) || !empty($_REQUEST['password'])){
	$usuario	= $_REQUEST['login'];
	$password	= $_REQUEST['password'];
	
	$strSQL =	"SELECT id_usuario, login, nome_usuario " .
				"FROM usuario WHERE login = '". $usuario ."' AND senha = PASSWORD('". $password ."')";
	
	$User = execute($strSQL);
	
	$i = 0;
    $i = mysql_num_rows($User);    # Conta registros
	
	if ($i > 0){
		while ($linha = mysql_fetch_array($User)) {
			SESSION_START();
			//VARIAVEL QUE RECEBER      //CAMPO DA TABELA QUE QUER PEGAR
			$_SESSION['usuario']		= $linha["id_usuario"];
			$_SESSION['usuario_login']	= $linha["login"];
			$_SESSION['nome_usuario']	= $linha["nome_usuario"];
			$_SESSION['adm']			= "N";
			
			if($linha["id_usuario"] == 1){
				$_SESSION['adm'] = "S";
			}
		}
		
		header("Location: index.php");
	}else{
		erroLogin($_REQUEST['login']);
	}
}else{
	erroLogin("");
}

function erroLogin($login){
	?>
	<html>
	<body>
	<FORM name="form1" action="login.php" method="POST">
		<INPUT type="hidden" name="aviso" value="USU&Aacute;RIO/SENHA INV&Aacute;LIDO(S)"/>
		<INPUT type="hidden" name="login" value="<?echo $login?>"/>
	</FORM>
	<SCRIPT>document.form1.submit();</SCRIPT>
	</body>
	</html>
	<?
}
?>